Over the weekend, one of the most reputable online retailers in the US, Zappos, broke the news that its database was hacked and that the information for about 24 million user accounts was breached.

How do stories like this affect consumers’ attitude toward online privacy? In our August 2011 Community Speaks Qualitative Insights report, “Consumer And Online Privacy: How Much Information Is Too Much?” (available for Community Speaks subscribers only), we found that online privacy is one of the most concerning topics in online users’ minds. Two-thirds of US online consumers report being very concerned about the recording and collection of their personal details by websites.

Consumers like to take the easy way out: As soon as they feel companies are asking for irrelevant information or they’re unsure how the information they’re providing will be used, they simply abandon their transaction. To prevent losing business over this, companies need to determine what information they really need and what’s nice to have, and build a system that doesn’t force consumers to enter information that isn’t critical. As one of interviewees, age 52 from Limestone, N.Y., said, “If I'm signing up at a site and they just need the basic info (name, address, email, etc.) that's fine — but if they start asking more in depth info — social security number, bank info, credit card info — then I just close out and don’t finish it.” As my colleague Fatemeh Khatibloo wrote earlier this week, consumers are becoming increasingly aware of data capture, data breaches, and the value of personal data, and it's not enough to treat all data (nor all customers) the same.

But even if organizations get this right, it’s difficult to prepare for every form of cyber attack, as the case of Zappos shows. However, the way in which consumers respond to attacks is within the span of control of the organization. Zappos is helping its customers reset their accounts and doing everything possible to regain their confidence. In general, websites need to go the extra mile to come up with contingency plans to mitigate risks outside of their control in order to win back online consumers’ confidence.

Comments

In addition, there needs to be a serious redesign of consumer protection laws particularly around electronic information and credit. I cannot understand why I can't lock my credit report down and so there are no unauthorized accounts created or purchases. I lock my car and put an alarm on it to reduce people stealing it, but I can't do that with my identity.